2100 matches found
CVE-2026-55699 pnpm: reserved bin name deletes PNPM_HOME during global remove
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, Manifest bin object keys such as "", ".", and ".." passed pnpm's bin-name guard. When a malicious package was installed globally, later global remove, update, or add-replacement flows could re-derive those names from the installed manifest a...
K000161911: Node.js vulnerability CVE-2026-48936
Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...
CVE-2026-53116 s390/ap: use generic driver_override infrastructure
In the Linux kernel, the following vulnerability has been resolved: s390/ap: use generic driveroverride infrastructure When the AP masks are updated via apmaskstore or aqmaskstore, apbusrevisebindings is called after apattrmutex has been released. This calls aprevisereserved, which accesses the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iommufd/selftest: A overflow issue was identified in IOMMUTESTOPADDRESERVED. syzkaller discovered that this could lead to an overflow in the test infrastructure and cause a WARN message by corrupting the reserved interval tree...
CVE-2020-9713
CVE-2020-9713 is an out-of-bounds read (CWE-125) in Adobe Acrobat and Reader. Affected are versions including 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier. The vulnerability could disclose sensitive memory and requires user interaction (vi...
Access of Resource Using Incompatible Type ('Type Confusion')
Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' through improper handling of reserved keys in the JSON protocol when serializing CedarMap. An attacker can cause unauthorized access or manipulation of data by supplying...
CedarJava has type confusion vulnerability
Summary CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. Under certain circumstances, improper input handling could allow type confusion across the Java-Rust FFI boundary. Impact Record-to-Entity type confusion across the...
PT-2026-50975
Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 2.3.6 CedarJava versions prior to 3.4.1 CedarJava versions prior to 4.9 Description Improper input handling allows Record-to-Entity type confusion across the Java-Rust FFI Foreign Function Interface boundary...
CVE-2024-35648
No technical details are provided in the connected documents for CVE-2024-35648 beyond the description of a CSRF vulnerability in the Emergency Password Reset plugin (WordPress)
CVE-2024-33909
CVE-2024-33909 affects WordPress iPages Flipbook (vulnerable up to 1.5.1) and is a Missing Authorization/ broken access control issue. The connected records indicate an improper authorization check allowing access to protected resources due to incorrectly configured access control levels. Impact ...
CVE-2024-32949
Technical details for CVE-2024-32949 are not provided in the supplied documents. No product/version/root-cause/impact/fix specifics are available here. Monitor for official updates from CVE records or vendor advisories.
CVE-2024-24709
CVE-2024-24709 targets the WordPress Shareaholic plugin, affecting versions up to 9.7.11. The root cause is a missing Authorization check on accept_terms_of_service, enabling a user with subscriber-level privileges (or higher) to exploit broken access control. The vulnerability is classified as M...
CVE-2024-34810
CVE-2024-34810 is a CSRF vulnerability affecting Skyline WP
CVE-2026-12222
A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...
CVE-2026-12222
CVE-2026-12222 affects Yealink SIP-T46U (firmware 108.86.0.118) via the Web FastCGI Service: function mod_webd.BlueToothTest in /api/inner/bttest, where manipulating btMac/pin/reserved can trigger a stack-based overflow. Exploitation reportedly public and feasible within a local network; vendor d...
CVE-2026-49261
Disclaimer: This data contains information about vulnerable...
CVE-2022-47150
CVE-2022-47150 concerns CSRF in WordPress plugins referencing WooCommerce Conversion Tracking. Affected product: WooCommerce Conversion Tracking plugin for WordPress, versions up to and including 2.0.10. Underlying issue: Cross-Site Request Forgery, enabling unauthenticated or unauthorized action...
CVE-2022-42479
CVE-2022-42479 concerns a Broken Access Control in WordPress Soledad premium theme versions
CVE-2023-33999
Technical details on CVE-2023-33999 are not provided in the supplied documents. Please monitor for updates from vendors/security advisories before assessing impact, affected products, or fixes.
CVE-2022-48575
The CVE-2022-48575 issue affects macOS Monterey due to a consistency/state-handling defect that may allow a person with physical access to bypass the Login Window. The Apple security content notes this as fixed in macOS Monterey 12.4. Affected component: Login Window handling; root cause: improve...